
Flash Encryption + Secure Boot V2

Posted: Mon Feb 10, 2025 9:06 am
by ferrero
Can anyone tell me how the two methods will initially work together?

When I build the project with Flash Encryption + Secure Boot V2, it will be signed with the manually generated private key. Then the unencrypted, signed firmware gets into memory, an encryption key is generated and the firmware is encrypted there, after which it is restarted. How will Secure Boot V2 work in this case if it was signed for UNENCRYPTED firmware, but now it is encrypted data in memory? Or does the decryption occur first and then the signature is verified?

And it turns out that if I need to encrypt the firmware remotely, then first I need to sign it and then encrypt it, but not the other way around?

Thanks!

Re: Flash Encryption + Secure Boot V2

Posted: Wed Feb 12, 2025 1:18 am
by ferrero
Here is some useful info about this topic: https://docs.espressif.com/projects/esp ... flows.html